Systems and methods for securely pairing a transmitting device with a receiving device

ABSTRACT

Systems and methods for securely pairing a transmitting device with a receiving device are described. The systems and methods may communicate with a first device via a first communication method over a wireless communication network. The systems and methods may transmit, to the first device via a second communication method, a first sensory pattern representing a first key. In addition, the system and methods may communicate with the first device via the first communication method using the first key.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims priority to U.S. patent application Ser. No.15/814,607, filed on Nov. 16, 2017, which is expressly incorporatedherein by reference in its entirety.

DESCRIPTION Technical Field

The disclosed embodiments generally relate to information technologysecurity, and more particularly, to securely pairing a transmittingdevice with a receiving device.

Technical Field

The disclosed embodiments generally relate to information technologysecurity, and more particularly, to securely pairing a transmittingdevice with a receiving device.

BACKGROUND

Recent advances in technology often require a connection to beestablished between two devices. Establishing a connection between twodevices is often referred to as pairing. To pair, devices often usecommunication protocols, such as Bluetooth™ or Wireless, that enable thedevices to communicate with each other in order to establish theconnection. Typically, the process for pairing devices requires thedevices to authenticate with each other by sharing security keys viathese communication protocols. A security key, which is alternativelyoften referred to as a private key or secret key, must remain secretbetween the communicating parties if it is intended that futurecommunication, including long range communication, between thecommunicating paired devices is to remain private.

However, communication protocols, such as Bluetooth™ or Wireless, areoften vulnerable to attacks by untrusted third parties. For example, anuntrusted third-party may uncover the content of messages usingspecialized sniffing programs or techniques, such as blueprinting,bluesnarfing, bluebugging, bluejacking, bluesmacking, man-in-the-middleattacks, address resolution protocol spoofing, etc. An untrustedthird-party may use one or more of these specialized techniques touncover the security keys that are shared between the two devices,which, therefore, makes the connection between the two devices unsecure.

In some existing systems, a trusted authority may issue a certificate orother technique for communicating the secret key. Thus, the trustedauthority may hide the secret from anyone listening to a network usingcomplexed protocols and procedures. In addition, by requiring a trustedauthority, these systems often increase the storage overhead as well asdecrease the speed of pairing between the devices.

Thus, a new technique for sharing security keys between two devices isneeded to reduce the risks of untrusted third parties from interceptingthe security key when the security key is shared in the clear (i.e.,unencrypted, or in an open environment using one or more of thecommunication protocols), increase the security and speed of pairingbetween the two devices, and reduce the amount of overhead that isrequired to share security keys. In view of these and other shortcomingsand problems with securely pairing transmitting devices with receivingdevices, improved systems and techniques for pairing devices aredesirable.

SUMMARY

The disclosed embodiments address disadvantages of existing systems byproviding novel systems, methods, and techniques for securely pairingtransmitting devices with receiving devices. Unlike any priorimplementations, the disclosed systems and methods improve the pairingof a transmitting device with a receiving device by enablingtransmitting and receiving devices to communicate secure messages via aprimary communication method, such as radio frequencies, based on asecurity key shared via a secondary communication method, such asvisible light, sound, thermal energy, vibration, or the like that maynot share the same interception risks as radio frequencies, for example.Thus, the disclosed systems and methods may provide a secure pairingbetween a transmitting and receiving device by exchanging security keysvia a more secure secondary communication method in order to securelycommunicate using a first communication method. Further, by using thesemore secure secondary communication methods, the risks of an un-trustedthird party discovering the security key through eavesdropping may bereduced, speed of pairing between the two devices may be increased, andthe amount of overhead that is required to share security keys may bereduced over pre-existing systems.

Consistent with certain disclosed embodiments, a method is providedprovided for secure communication for secure communication between areceiving device and a first device. The method may include the step ofcommunicating with a first device via a first communication method overa wireless communication network. The method may also include a step ofacquiring, from the first device via a second communication method, afirst sensory pattern representing a first key, the first key being asecurity key, wherein the second communication method is different fromthe first communication method. The method may further include a step ofdetermining the first key by deciphering the first sensory pattern usinga deciphering scheme. In addition, the method may include a step ofcommunicating with the first device via the first communication methodusing the first key.

Moreover, consistent with certain disclosed embodiments, a system isprovided for secure communication for secure communication between areceiving device and a first device. The system may include a memorystoring instructions and one or more processors. The one or moreprocessors may be configured to execute instructions to communicate witha first device via a first communication method over a wirelesscommunication network. The one or more processors may also be configuredto execute instructions to acquire, from the first device via a secondcommunication method, a first sensory pattern representing a first key,the first key being a security key, wherein the second communicationmethod is different from the first communication method. The one or moreprocessors may be further configured to execute instructions todetermine the first key by deciphering the first sensory pattern using adeciphering scheme. In addition, the one or more processors may beconfigured to execute instructions to communicate with the first devicevia the first communication method using the first key.

Consistent with certain disclosed embodiments, a method is provided forsecure communication for secure communication between a transmittingdevice and a first device. The method may include a step ofcommunicating with a first device via a first communication method overa wireless communication network. The method may also include a step oftransmitting, to the first device via a second communication method, afirst sensory pattern representing a first key, wherein the first key isa security key, wherein the second communication method is differentfrom the first communication method, and wherein the first key isencoded using a ciphering scheme. The method may further include a stepof communicating with the first device via the first communicationmethod using the first key.

In addition, consistent with certain disclosed embodiments, a system isprovided for secure communication between a transmitting device and afirst device. The system may include a memory storing instructions andone or more processors. The one or more processors may be configured toexecute instructions to communicate with a first device via a firstcommunication method over a wireless communication network. The one ormore processors may also be configured to execute instructions totransmit, to the first device via a second communication method, a firstsensory pattern representing a first key, wherein the secondcommunication method is different from the first communication method,and wherein the first key is encoded using a ciphering scheme. Inaddition, the one or more processors may be configured to executeinstructions to communicate with the first device via the firstcommunication method using the first key.

Aspects of the disclosed embodiments may also include a non-transitorytangible computer-readable medium that stores software instructionsthat, when executed by one or more processors, are configured for andcapable of performing and executing one or more of the methods,operations, and the like consistent with the disclosed embodiments.

It is to be understood that both the foregoing general description andthe following detailed description are exemplary and explanatory only,and are not restrictive of the disclosed embodiments as claimed.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are incorporated in and constitute apart of this specification, illustrate disclosed embodiments and,together with the description, serve to explain the disclosedembodiments. In the drawings:

FIG. 1 is a block diagram of an example system environment for securelypairing a transmitting device with a receiving device;

FIG. 2 is a block diagram of an example transmitting device configuredto perform functions of the disclosed methods, consistent with disclosedembodiments;

FIG. 3 is a block diagram of an example receiving device configured toperform functions of the disclosed methods, consistent with disclosedembodiments;

FIG. 4 is a flowchart of an example process for pairing devices forsecure communication, consistent with disclosed embodiments;

FIG. 5 is a flowchart of an example process for authenticating devicesusing a security key, consistent with disclosed embodiments;

FIG. 6 is a flowchart of an example process for replacing a securitykey, consistent with disclosed embodiments; and

FIG. 7 is a flowchart of an example process for utilizing for updating aprocess for pairing devices for secure communication based on a pairingconfiguration, consistent with disclosed embodiments.

DETAILED DESCRIPTION

The disclosed embodiments are directed to systems and methods forsecurely pairing a transmitting device with a receiving device. Inparticular, the disclosed systems and methods include techniques forpairing a transmitting device with a receiving device via a primarycommunication method based on a security key communicated via asecondary communication method. As an example, the disclosed embodimentsmay involve a scenario where a user's smart card attempts to set-upcommunications with a user's smartphone in order to send sensitiveinformation (such as the smartcard's issuer identification number,expiration date, pin, and/or transactions conducted with the smart card,etc.) to the user's smartphone. Using this scenario, the user's smartcard may attempt to transmit a security key to the user's smartphone inorder to let the smartphone know that it can be trusted before sendingthe sensitive information. The smartphone, in turn, may want to checkthe security key against a known security key that it acquired from, forexample, a server in order to verify that the smart card can be trusted.

In some embodiments, for example, a transmitting device may use asecondary communication method to communicate information representativeof a security key to a receiving device. The second communication methodmay involve close-range non-radio modes of communication that aredistinguished from the primary communication method. The secondcommunication method may include, for example, transmitting a sensorypattern representing the security key using light (visible ornon-visible), sound, thermal energy, vibration, or the like. In someembodiments, after the receiving device has acquired the sensorypattern, the receiving device may determine the security key bydeciphering the pattern using a deciphering scheme. Once the receivingdevice determines the security key, the transmitting device or receivingdevice may communicate with each other via a primary method ofcommunication, such as Bluetooth™ or other wireless or radiocommunication technologies, using the security key.

In some embodiments, the transmitting device and receiving device mayacquire a pairing configuration from a server or local storage. Apairing configuration may include parameters that define how thetransmitting and receiving device may communicate with each other. Forexample, the pairing communication may include parameters, such as atype of primary communication method, secondary communication method,deciphering scheme (or ciphering scheme), security key, etc. In someembodiments, the pairing configuration allows the transmitting deviceand/or receiving device to change a parameter of communication (e.g.,primary communication method, secondary communication method,communication protocol, deciphering scheme, etc.) in real time. Inaddition, the transmitting device, receiving device, server, or anoutside process may change the pairing configuration in real time.

Reference will now be made in detail to the disclosed embodiments,examples of which are illustrated in the accompanying drawings. Whereverconvenient, the same reference numbers will be used throughout thedrawings to refer to the same or like parts.

FIG. 1 shows a block diagram of an example system environment forsecurely pairing a transmitting device 110 with a receiving device 120.The components and arrangements shown in FIG. 1 are not intended tolimit the disclosed embodiments, as the components used to implement thedisclosed processes and features may vary.

In accordance with disclosed embodiments, system 100 may includetransmitting device 110, receiving device 120, network 130, localnetwork 135, pairing server(s) 140, and database(s) 150. Othercomponents known to one of ordinary skill in the art may be included insystem 100 to gather, process, transmit, receive, and provideinformation used in conjunction with the disclosed embodiments.

Transmitting device 110 may be a device comprising a memory, processor,and other specialized hardware that is configured to transmit a patternusing a particular communication method or medium to receiving device120. For example, transmitting device 110 may include a transmittercapable of transmitting a pattern using a medium of light (e.g., alight-emitting diode, an incandescent light bulb, etc.), sound (e.g., aspeaker, a digital audio transmitter, a frequency modulationtransmitter), thermal energy (e.g., thermoelectric power generator, fan,infrared laser, etc.), vibrations (e.g., a motor, such as a Pico Haptic™shaftless vibration motor, etc.), pulses of air (e.g., a fan, an aircompressor, etc.) or the like to receiving device 120. Receiving device120 may be a device comprising a memory, processor, and otherspecialized hardware that is configured to receive a pattern fromtransmitting device 110 that is transmitted using a particularcommunication method or medium. For example, receiving device 120 mayinclude a sensor capable receiving or detecting a pattern transmitted bya medium of light (e.g., a camera, a light sensor, etc.), sound (e.g., amicrophone, etc.), thermal energy (e.g., a thermal leak detector, athermal energy etc.), vibrations (e.g., a piezoelectric accelerometer, avelocity sensor, a proximity probe, etc.), pulses of air (e.g., apiezoelectric accelerometer, a velocity sensor, a proximity probe,etc.), or the like from transmitting device 110.

Transmitting device 110 and receiving device 120 may be the same type ofdevice or different types of devices. For example, in some embodiments,transmitting device 110 and/or receiving device 120 may be a type ofcard or card-like device such as an ID card, a membership card, a creditcard, a debit card, an ATM card, a gift card, or any other type of cardor other card-like device associated with at least one account. Asanother example, transmitting device 110 and/or receiving device 120 maybe a type of personal computing device such as, for example, a mobiledevice with computing ability, a tablet, smartphone, wearable devicesuch as Google Glass™ or a smart watch, a general purpose or notebookcomputer, or any combination of these computers and/or affiliatedcomponents. Transmitting device 110 and/or receiving device 120 may, asan additional example, be a device worn and/or carried by user 105 suchas, for example, a fob, a key fob, a wristband, a necklace, or any otherportable electronic device.

Transmitting device 110 and/or receiving device 120 may also beassociated with a user 105. In some embodiments, user 105 is anindividual associated with one or more accounts, and transmitting device110 and/or receiving device 120 may be associated with or may includeinformation concerning one or more of these accounts.

Network 130 may comprise any type of computer networking arrangementused to exchange data. For example, network 130 may be the Internet, aprivate data network, virtual private network using a public network,and/or other suitable connection(s) that enables the components ofsystem 100 to send and receive information. Network 130 may also includea public switched telephone network (“PSTN”) and/or a wireless networksuch as a cellular network, wired Wide Area Network (WAN), WiFi network,or other known wireless network (e.g., WiMAX) capable of bidirectionaldata transmission.

Local network 135 may comprise any type of computer networkingarrangement used to exchange data in a localized area, such as WiFibased on IEEE 802.11 standards, Bluetooth™, Ethernet, and other suitablenetwork connections that enable components of system 100 to interactwith one another and to connect to network 130 for interacting withcomponents in system environment 100. In some embodiments, local network135 comprises a portion of network 130. In other embodiments, componentsof system 100 may communicate via network 130 without a separate localnetwork 135.

Pairing server(s) 140 may include one or more computer-based systemsincluding computer system components, desktop computers, workstations,tablets, hand held computing devices, memory devices, and/or internalnetwork(s) connecting the components. In some embodiments, pairingserver 140 may be enabled for cloud computing. Pairing server 140 mayinclude a physical and/or virtual storage system associated with cloudstorage for storing data and providing access to data via network 130.Pairing server 140 may include cloud services such as those offered by,for example, Amazon®, Apple®, Cisco®, Citrix®, IBM®, Joyent®, Google®,Microsoft®, Rackspace®, Salesforce.com®, and Verizon®/Terremark®, orother types of cloud services accessible via network 130. In someembodiments, pairing server 140 comprises multiple computer systemsspanning multiple locations and having multiple databases or multiplegeographic locations associated with a single or multiple cloud storageservices.

As used herein, pairing server 140 refers to physical and virtualinfrastructure associated with a single cloud storage service. In someembodiments, pairing server 140 manages and/or stores data in database150. In addition, pairing server 140 may be owned and/or operated by anentity responsible for issuing (e.g., creating or authorizing thecreation of) transmitting device 110 and maintaining one or moreaccounts associated with transmitting device 110. In some embodiments,pairing server 140 is associated with one or more of membershipfacilities, such as fitness centers, government organizations, such asstate governments or departments of motor vehicles, banks, credit cardcompanies, hospitals, hotels, or any other entities that may issuedevices such as transmitting device 110, and/or maintain one or moreaccounts. In some embodiments, pairing server 140 may be configured toauthenticate a transmitting device 110 or receiving device 120 based onone or more known authentication techniques before providingconfiguration data or other information, such as a security key of thedisclosed embodiments, to the transmitting device 110 and/or receivingdevice 120.

Database 150 may include one or more memory devices that store data andinstructions used to perform one or more aspects of the disclosedembodiments. In some aspects, components of system 100 (shown and notshown) may be configured to receive, obtain, gather, collect, generate,or produce information to store in databases 150. For example, in someembodiments, database 150 may store information, such as one or morepairing configurations for the secure pairing associated withtransmitting device 110, receiving device 120, and/or pairing server140. Database 150 may also include any combination of one or moredatabases controlled by memory controller devices (e.g., otherserver(s), etc.) or software, such as document management systems,Microsoft™ SQL databases, SharePoint™ databases, Oracle™ databases,Sybase™ databases, or other relational databases. In some embodiments,database 150 may comprise an associative array architecture, such as akey-value storage, for storing and rapidly retrieving large amounts ofinformation about an individual.

FIG. 2 shows a block diagram of an example transmitting device 110configured to perform functions of the disclosed methods, consistentwith disclosed embodiments. As shown, transmitting device 110 mayinclude a display 210, input/output (“I/O”) devices 220, one or moreprocessors 230, memory 240 having stored thereon one or more programs250, such as one or more application(s) 252, and also data storage 260.Transmitting device 110 may also include an antenna 270 and one or moretransmitting sensor(s) 280 and transmitter(s) 290. One or more ofdisplay 210, I/O devices 220, processor(s) 230, memory 240, antenna 270,transmitting sensor(s) 280, and transmitter(s) 290 may becommunicatively coupled to one or more of the other devices depicted inFIG. 2. Such a connection may be accomplished using a bus or otherinterconnecting device.

I/O devices 220 may include one or more devices that enablestransmitting device 110 to receive input from user 105 and providefeedback to user 105. I/O devices 220 may include, for example, one ormore buttons, switches, speakers, microphones, or touchscreen panels. Insome embodiments, I/O devices 220 may be manipulated by user 105 toinput information into transmitting device 110.

Processor 230 may be one or more known processing devices, such as amicroprocessor from the Pentium™ or Atom™ families manufactured byIntel™, the Turion™ family manufactured by AMD™, the Exynos™ familymanufactured by Samsung™ or the Snapdragon™ family manufactured byQualcomm™. Processor 230 may constitute a single core or multiple coreprocessor that executes parallel processes simultaneously. For example,processor 230 may be a single core processor configured with virtualprocessing technologies. In certain embodiments, processor 230 may uselogical processors to simultaneously execute and control multipleprocesses. Processor 230 may implement virtual machine technologies, orother known technologies to provide the ability to execute, control,run, manipulate, store, etc. multiple software processes, applications,programs, etc. In another embodiment, processor 230 may include amultiple-core processor arrangement (e.g., dual, quad core, etc.)configured to provide parallel processing functionalities to allowtransmitting device 110 to execute multiple processes simultaneously.One of ordinary skill in the art would understand that other types ofprocessor arrangements could be implemented that provide for thecapabilities disclosed herein.

Memory 240 may be a volatile or non-volatile, magnetic, semiconductor,tape, optical, removable, non-removable, or other type of storage deviceor tangible (i.e., non-transitory) computer-readable medium that storesone or more program(s) 250 such as application 252, and data storage260. Data storage 260 may store, for example, user 105's personalinformation, account information, displays, settings, one or morepairing configurations, one or more logs, and preferences.

Program(s) 250 may include operating systems (not shown) that performknown operating system functions when executed by one or moreprocessors. By way of example, the operating systems may includeMicrosoft Windows™, Unix™, Linux™, Apple™, or Android™ operatingsystems, Personal Digital Assistant (PDA) type operating systems, suchas Microsoft CE™, or other types of operating systems. Accordingly,disclosed embodiments may operate and function with computer systemsrunning any type of operating system. Transmitting device 110 may alsoinclude communication software that, when executed by a processor,enables communications with network 130, such as a Web browser software,tablet, or smart device networking software, etc. Transmitting device110 may also execute mobile applications for performing operationsconsistent with disclosed embodiments, such as a tablet or mobiledevice. In addition, program(s) 250 may include application(s) 252, suchas an application for pairing, activating, setting up, and configuringtransmitting device 110 for communicating with receiving device 120. Insome embodiments, pairing applications 252 may include instructionswhich cause processor 230 to initiate or facilitate connections betweentransmitting device 110 and receiving device 120 via a primarycommunication method and secondary communication method.

Transmitting sensors 280 may include one or more devices capable ofsensing the environment around transmitting device 110 and/or movementof transmitting device 110. In some embodiments, transmitting sensors280 may include, for example, an accelerometer, a shock sensor, agyroscope, a position sensor, a microphone, an ambient light sensor, atemperature sensor, a vibration sensor, a proximity sensor, and/or aconductivity sensor. One of ordinary skill in the art would understandthat other types of transmitting sensors 280 can be included intransmitting device 110.

Transmitters 290 may include one or more devices capable of transmittingpatterns in particular mediums. That is, transmitters 290 may compriseone or more elements capable of transmitting a pattern using one or moremediums of light, sound, thermal energy, vibrations, pulses of air, orthe like to receiving device 120. For example, transmitters may includeone or more light emitting elements capable of transmitting blinking,different colored lights, etc. to receiving device 120. Transmitters mayalso include thermoelectric devices, fans capable of producing pulse ofair, motors capable of producing vibrations, speakers, etc. In thedisclosed embodiments, transmitters may include specialized hardwareelements of a form factor configured to be provided as part of a card orcard type of transmitting device 110.

FIG. 3 shows a block diagram of an example receiving device 120configured to perform functions of the disclosed methods, consistentwith disclosed embodiments. As shown, receiving device 120 may include adisplay 310, input/output (“I/O”) devices 320, one or more processors330, memory 340 having stored thereon one or more programs 350, such asone or more application(s) 352, and also data storage 360. Receivingdevice 120 may also include an antenna 370 and one or more receivingsensor(s) 380. One or more of display 310, I/O devices 320, processor(s)330, memory 340, antenna 370, or receiving sensor(s) 380 may becommunicatively coupled to one or more of the other devices depicted inFIG. 3. Such a connection may be accomplished using a bus or otherinterconnecting device. Because receiving device 120 and transmittingdevice 110 may be the same type of device, it should be appreciated thatthey may share similar components, including those not shown. Forexample, receiving device 120 may include one or more transmitters 290.

Display 310, input/output (“I/O”) devices 320, one or more processors330, memory 340 having stored thereon one or more programs 350, such asone or more application(s) 352, and also data storage 360, and antenna370 may be configured the same and may function the same as theircorresponding structure explained with regard to FIG. 2. Receivingsensors 380 may include one or more devices capable of sensing theenvironment around receiving device 120 and/or movement of receivingdevice 120. In some embodiments, receiving sensors 380 may include, forexample, an accelerometer, a shock sensor, a gyroscope, a positionsensor, a microphone, an ambient light sensor, a temperature sensor, avibration sensor, a proximity sensor, and/or a conductivity sensor. Insome embodiments, receiving sensors 380 may allow receiving device 120to acquire a sensory pattern that represents a security key. Thesecurity key may allow receiving device 120 and transmitting device 110to securely communicate or pair with each other. One of ordinary skillin the art would understand that other types of receiving sensors 280can be included in receiving device 120.

FIG. 4 shows a flowchart of an example process for pairing devices forsecure communication, consistent with the disclosed embodiments. In thefollowing description, reference is made to certain components of FIG. 2and FIG. 3 for purposes of illustration. It should be appreciated,however, that other implementations are possible and that componentsother than those illustrated above in FIG. 2 and FIG. 3 with respect totransmitting device 110 and receiving device 120 may be used toimplement the example process of FIG. 4.

At step 410, transmitting device 110 and receiving device 120 maycommunicate with each other via a primary communication method. In someembodiments, the primary communication method involves transmittingdevice 110 and receiving device 120 communicating with each other overnetwork 130 and/or local network 135 using wireless or radiocommunication techniques; in others, it does not. In some embodiments,transmitting device 110 or receiving device 120 may attempt to startcommunicating with the other device via the primary communication methodwhen the device is turned on. In other embodiments, user 105 mayinitiate transmitting device 110, receiving device 120, or both, tobegin communicating with each other via the primary communicationmethod. In some embodiments, user 105 may provide some initial settings(e.g., account or network settings) in order to enable transmittingdevice 110 and/or receiving device 120 to communicate via the primarycommunication method.

The primary communication method may include wireless technologies, forexample, radio communication technology, microwave communicationtechnology, Wi-Fi, WiMax, ZigBee, Bluetooth™ technology, a form ofmobile communication technologies (e.g., Global System for MobileCommunications, 3G, 4G, 5G, etc.), or the like. In some embodiments,transmitting device 110 and/or receiving device 120 may be configured tocommunicate via two or more primary communication methods. Accordingly,transmitting device 110 and/or receiving device 120 may be, for example,preprogrammed or configurable to communicate via a particular primarycommunication method with the other device, among multiple other enabledcommunication methods. In some embodiments, pairing server 140 mayprovide transmitting device 110 and/or receiving device 120 with theparticular primary communication method.

Additionally, transmitting device 110 and/or receiving device 120 mayaccess one or more pairing configurations to determine the primarycommunication method to enable communications with the other device. Insome embodiments, transmitting device 110 and/or receiving device 120may access the primary communication or pairing configurations from itsown data storage (data storage 260 or data storage 360), pairing server140, or database 150.

At step 420, transmitting device 110 and/or receiving device 120 maydetermine whether to communicate via a secure communication, such as byusing a security key, for example. A determination to communicate via asecure communication may also include a determination whether toinitiate operations for communicating or exchanging a security key. Insome embodiments, transmitting device 110 and/or receiving device 120may make this determination by receiving and interpreting a notificationfrom pairing server 140 requiring the devices to initiate a securecommunication. Transmitting device 110 and/or receiving device 120 mayalso determine whether to communicate via a secure communication basedon configuration information or other information associated with anapplication stored locally on the device and/or from preprogrammedlogic.

In some embodiments, transmitting device 110 and/or receiving device 120may also determine to communicate via a secure communication bydetecting the proximity of the other device using a proximity sensorwhich may be one of transmitting sensors 280 and/or receiving sensors380. Transmitting device 110 and/or receiving device 120 may also useother types of sensors to detect the proximity of the other device. Forexample, transmitting device 110 and/or receiving device 120 may use aGPS sensor, which may be one of transmitting sensors 280 and/orreceiving sensors 380, to detect the proximity of the other device. Inone implementation, transmitting device 110 and/or receiving device 120may use its GPS sensor to compare its GPS coordinates to coordinates ofthe other device that have been acquired by pairing server 140 orcommunicated to it by the other device. It should be understood thattransmitting device 110 or receiving device 120 may use others ways orsensors to detect its proximity to the other device.

After transmitting device 110 or receiving device 120 detects itsproximity to the other device, transmitting device 110 or receivingdevice 120 may determine whether transmitting device 110 or receivingdevice 120 is within a range for secure communication based on thedisclosed techniques for communicating a sensory pattern. Adetermination that the devices are within suitable or sufficient rangefor securely communicating may trigger operations associated withproviding a secure communication, such as operations for communicatingor exchanging a security key. In some embodiments, transmitting device110 or receiving device 120 may request pairing server 140 to determinewhether transmitting device 110 or receiving device 120 is within arange for secure communication. In some embodiments, transmitting device110 and/or receiving device 120 may determine whether transmittingdevice 110 or receiving device 120 is within a range for securecommunication based on determining that the other device is positionedover and/or on at least a part of a container or box or other structure.

In some embodiments, transmitting device 110 or receiving device 120 maycompare the detected proximity of the other device to a predeterminedvalue to determine whether transmitting device 110 or receiving device120 is within a range for secure communication. For example, if thedetected proximity is less than the predetermined value, transmittingdevice 110 or receiving device 120 may determine that the other deviceis within a range for secure communication. However, if the detectedproximity is greater than the predetermined value, then transmittingdevice 110 or receiving device 120 may determine that the other deviceis not within a range for secure communication. The transmitting device110 or receiving device 120 may be preprogrammed with the predeterminedvalue or may acquire the predetermined value from the pairing server140. The disclosed embodiments include other known ways to compare thedetected proximity to a predetermined value or acquire the predeterminedvalue, and the above examples are not limiting.

If transmitting device 110 or receiving device 120 determines that it isnot within a range for secure communication, transmitting device 110 orreceiving device 120 may determine not to communicate via a securecommunication, according to the disclosed embodiments. In someembodiments, transmitting device 110 or receiving device 120 maycontinuously determine at predetermined intervals of time to whether theother device is within a range for secure communication according to thedisclosed embodiments.

If transmitting device 110 or receiving device 120 determines not toinvoke a secure communication or initiate operations for securelycommunicating, then transmitting device 110 or receiving device 120 may,in some embodiments, cease communicating via the primary communicationmethod (step 430). Additionally or alternatively, in some embodiments,transmitting device 110 or receiving device 120 may continuouslydetermine, at predetermined intervals of time, whether to initiateoperations for secure communications. In some embodiments, transmittingdevice 110 and receiving device 120 may continue to communicate usingthe primary communication method with the understanding that theenvironment is not secure. If transmitting device 110 or receivingdevice 120 determines to invoke a secure communication, transmittingdevice 110 and/or receiving device 120 may initiate operations forsecurely communicating with each other. In some embodiments,transmitting device 110 or receiving device 120 may determine whether asecurity key is available for initiating a secure communication. If itis determined that a security key is not available, then transmittingdevice 110 or receiving device 120 may initiate one or more operationsfor obtaining a security key.

For example, if receiving device 120 determines that a security key isnot available to it, then receiving device 120 may send a request for asecurity key to transmission device 110 (step 440). Thereafter,transmission device 110 may acquire (step 450) and transmit (step 460) apattern representing the security key to receiving device 120 via asecond communication method. If transmitting device 110 determines thata security key is not available to it, then it may acquire (step 450)and transmit (step 460) a pattern representing the security key toreceiving device 120 via the second communication method withoutreceiving a notification.

At step 450, transmitting device 110 may acquire a pattern representinga security key that may be used for secure communication with receivingdevice 120. In some embodiments, transmitting device 110 may acquire thepattern representing the security key from a pairing configuration oranother form of data located on pairing server 140, database 150,applications 252, or data storage 260.

In some embodiments, transmitting device 110 may acquire the patternrepresenting a security key based on a received or accessed securitykey. For example, transmitting device 110 may acquire a security keyand/or a cipher or encoding scheme from a pairing configuration oranother form of data located on pairing server 140 or database 150, forexample. Transmitting device 110 may use the cipher or encoding schemeto translate the security key into a pattern, such as a sensory patternto be communicated to receiving device 120. A variety of types of cipheror encoding schemes or protocols may be used, such as steganography,rotation encryption (e.g., ROT1), transposition, Morse code, CaesarianShift Cipher, monolaphabetic substitution, Vigenere, true code, EnigmaCode, etc., to translate the security key into the sensory pattern to betransmitted.

At step 460, transmitting device 110 may use one of transmitters 290 tosend a sensory pattern representing a security key to receiving device120. For example, transmitting device 110 may cause a light transmitter(or optical transmitter) to pulsate light in a determined pattern, whichreceiving device 120 may acquire at step 470 via a light sensor (oroptical receiver).

At step 480, receiving device 120 may determine the security key basedon the acquired pattern. In some embodiments, receiving device 120 maysend a request to server 140 so that the pairing server 140 maydetermine the security key. Pairing server 140 may then send thedetermination to receiving device 120. In some embodiments, receivingdevice 120 may decipher the pattern to determine the security key byusing one or more deciphering or decoding schemes corresponding to therespective cipher/encoding schemes used to transmit the sensory patternrepresentative of a security key. In some embodiments, receiving device120 may attempt to use one or more deciphering or decoding schemesthrough trial and error to determine the security key based on theacquired pattern. In some embodiments, receiving device 120 may identifythe corresponding deciphering or decoding scheme from a communicationtransmitted by transmitting device 110 to receiving device 120 via theprimary communication method of step 410, for example. In otherembodiments, receiving device 120 may acquire the correspondingdeciphering or decoding scheme from a separate sensory pattern receivedfrom the transmitting device, or from a portion of the same sensorypattern that is representative of a security key, transmitted bytransmitting device 110. As another example, receiving device 120 mayalso acquire one or more deciphering or decoding schemes for decipheringthe pattern from a pairing configuration, one or more applications 352,a pairing server 140, a database 150, or data storage 360. Although notshown, if receiving device 120 cannot determine the security key basedon an acquired pattern, receiving device 120 may request transmission ofa new security key or new pattern or cease communication using theprimary communication method (step 430).

If receiving device 120 determines the security key based on theacquired pattern, transmitting device 110 and/or receiving device 120may securely communicate via the primary communication method using thesecurity key. Transmitting device 110 and/or receiving device 120 mayuse the security key to securely communicate via one or more primarycommunication methods in multiple ways. For example, transmitting device110 and/or receiving device 120 may use the security key to encryptand/or decrypt messages that it uses to communicate with the otherdevice. As another example, transmitting device 110 and/or receivingdevice 120 may use the security key as a password to authenticate theother device and/or to check that the other device can be trusted.

Turning to FIG. 5, an example process for authenticating devices using asecurity key, is shown. At step 510, transmitting device 110 and/orreceiving device 120 may determine whether the security key identifiedby receiving device 120 (at step 480) matches a secret key that it hasin memory 240 or 340, data storage 260 or 360, processed by processor230 or 330 or preprogrammed into one of applications 252 and 352, orthat exists on or in pairing configurations, pairing server 140 ordatabase 150. For example, receiving device 120 may compare thedetermined (e.g. deciphered or decoded) security key that it receivedbased on the acquired pattern (step 470) to a secret key acquired byrequest from pairing server 140 or database 150. In some embodiments,the secret key acquired from pairing server 140 or database may bereceived responsive to the pairing server 140 or another systemauthenticating receiving device 120. In another example, transmittingdevice 110 may cause receiving device 120 to determine that the securitykey deciphered by receiving device 120 matches a secret key. Forexample, transmitting device 110 may send a request to receiving device120 to determine that the security key deciphered by receiving device120 matches a secret key by sending a request to receiving device viathe primary communication method. In some embodiments, transmittingdevice may send the request through pairing server 140 to receivingdevice 120.

If the determined security key does not match a known or possessedsecret key, transmitting device 110 and/or receiving device 120 maycease communication with the other device (step 520 which corresponds tostep 430 in FIG. 4). In some embodiments, transmitting device 110 and/orreceiving device 120 may additionally/alternatively request a newsecurity key (step 520). In some embodiments, the determined securitykey matches the known or possessed secret key, then transmitting device110 and/or receiving device 120 may securely communicate via the primarycommunication method. In some embodiments, the determined security keymay function as a symmetric key according to a symmetric encryptionalgorithm and used for both encrypting and decrypting communicationsbetween transmitting device 110 and receiving device 120. In someembodiments, the determined security key may include a public keyassociated with an asymmetric key algorithm. For example, transmittingdevice 110 and/or receiving device 120 may encrypt a message using itsrespective private key (step 530) and send the encrypted message to theother device via the primary communication method (step 540), where theother device decrypts the message using the security key, the secretkey, or another key it can acquire. One of ordinary skill in the artwould appreciate that a multitude of other techniques and methods may beused for transmitting device 110 and/or receiving device 120 to securelycommunicate with each other via one or more primary communicationmethods using a security key acquired and determined according to thedisclosed embodiments.

FIG. 6 shows a flowchart of an example process for replacing a securitykey, consistent with disclosed embodiments. Transmitting device 110and/or receiving device 120 may determine to change or replace asecurity key that has been shared and used to communicate via theprimary communication. It may be advantageous to change a security keyfor a number of reasons, including the detection of fraud, a manualchange requested by user 105, a detection of a breached securitymechanism, transmitting device 110 and/or receiving device 120encountering an error using while using the security key, etc. In someembodiments, transmitting device 110 and/or receiving device 120 mayreceive a notification from pairing server 140 to replace or update thesecurity key. In some embodiments, transmitting device 110 and/orreceiving device 120 may determine to replace a security key that hasbeen shared responsive to detecting, for example, inconsistent orout-of-place messages. In some embodiments, transmitting device 110and/or receiving device 120 may detect an out-of-place message byacquiring the wrong response during a verification or handshake process.The handshake process could take place in many ways known in the art,such as a handshake similar to the TCP three-way handshake, the TLShandshake, etc. As another example, transmitting device 110 and/orreceiving device 120 may determine to change or replace a security keyresponsive to determining that the security key has been used longerthan a predetermined amount of time (i.e. time of validity). Afterdetermining to replace or change the security key, transmitting device110 and/or receiving device 120 may initiate and/or perform one or moresteps (620-690) for replacing the security key. Steps 620-690 may besimilar to those previously described in FIG. 4 above (420-490) in viewof pairing transmitting device 110 and receiving device 120 using a newsecurity key, and thus a detailed description of these steps is omittedhere for conciseness.

FIG. 7 shows a flowchart of an example process for pairing devices forsecure communication based on a pairing configuration, consistent withdisclosed embodiments. As discussed above, a pairing configuration mayallow the transmitting device 110, receiving device 120, pairing server140, or an outside process to change the pairing configuration in realtime.

At step 710, transmitting device 110 and/or receiving device 120 maydetect a changed or updated pairing configuration by detecting a changein one or more parameters of a pairing configuration. For example, insome embodiments, transmitting device 110 and/or receiving device 120may receive a notification from pairing server 140 that a parameter inthe pairing configuration has changed. In some embodiments, transmittingdevice 110 and/or receiving device may change or update a parameter inthe pairing configuration at the pairing server and/or in a localstorage. Once a change or an updated parameter in the pairingconfiguration is detected, transmitting device 110 and/or receivingdevice 120 may initiate or perform one or more steps (720-790) forupdating a security key based on the updated pairing configuration.Steps 720-790 are similar to those previously described in FIG. 4 above(420-490) and in FIG. 6 (620-690), and thus a detailed description ofthese steps is omitted here for conciseness. Steps 720-790 may differfrom steps 620-690 and 420-490 in that transmitting device 110 andreceiving device 120 perform the respective operations based on achanged or updated pairing configuration.

In some embodiments, transmitting device 110 and receiving device 120may acquire a pairing configuration from pairing sever 140 or datastorage 260 or 360. The pairing configuration may include parametersthat define how the transmitting device 110 and receiving device 120communicate with each other. For example, the pairing communication mayinclude parameters, such as a type of primary communication method,secondary communication method, ciphering or encoding scheme,deciphering scheme, security key, etc. In some embodiments, pairingconfiguration allows the transmitting device 110 and/or receiving device120 to change an aspect of communication (e.g., primary communicationmethod, deciphering scheme, etc.) in real time.

Transmitting device 110 and/or receiving device 120 may report or logany of the steps discussed above in FIGS. 5-10 into a pairing server 140and database. Moreover, the disclosed embodiments can be used in manydifferent applications. A few example applications follow:

-   -   pairing a medical device to a smartphone to monitor a patient's        vital signs;    -   pairing a smart card to a smartwatch to monitor transactions in        real time;    -   pairing a car to a tablet to monitor analytics related to        various driving conditions of the car in real time;    -   pairing an unmanned aerial vehicle to a universal controller to        control the movement of the unmanned aerial vehicle;    -   pairing a smart home device, such as a smart lock, thermostat,        light, etc., with a smartphone to control the smart home device;        and    -   pairing a key fob to a smart lock to control and monitor the        smart lock.

Descriptions of the disclosed embodiments are not exhaustive and are notlimited to the precise forms or embodiments disclosed. Modifications andadaptations of the embodiments will be apparent from consideration ofthe specification and practice of the disclosed embodiments. Forexample, the described implementations include hardware, firmware, andsoftware, but systems and techniques consistent with the presentdisclosure may be implemented as hardware alone. Additionally, thedisclosed embodiments are not limited to the examples discussed herein.

Computer programs based on the written description and methods of thisspecification are within the skill of a software developer. The variousprograms or program modules may be created using a variety ofprogramming techniques. For example, program sections or program modulesmay be designed in or by means of Java, C, C++, assembly language, orany such programming languages. One or more of such software sections ormodules may be integrated into a computer system, non-transitorycomputer-readable media, or existing communications software.

Moreover, while illustrative embodiments have been described herein, thescope includes any and all embodiments having equivalent elements,modifications, omissions, combinations (e.g., of aspects across variousembodiments), adaptations or alterations based on the presentdisclosure. The elements in the claims are to be interpreted broadlybased on the language employed in the claims and not limited to examplesdescribed in the present specification or during the prosecution of theapplication, which examples are to be construed as non-exclusive.Further, the steps of the disclosed methods may be modified in anymanner, including by reordering steps or inserting or deleting steps. Itis intended, therefore, that the specification and examples beconsidered as example only, with the true scope and spirit beingindicated by the following claims and their full scope of equivalents.

What is claimed is:
 1. A method for secure communication between atransmitting device and a first device, the method comprising:communicating with a first device via a first communication method overa wireless communication network; transmitting, to the first device viaa second communication method, a first sensory pattern representing afirst key, wherein: the first key is a security key; the secondcommunication method is different from the first communication method;and the first key is encoded using a ciphering scheme; determining thata pairing configuration has changed; transmitting, to the first devicevia a third communication method, a second sensory pattern representinga second key, the third communication method being specified by theconfiguration, wherein the second key is encoded based on a cipheringscheme specified by the pairing configuration; and in response todetermining that the first key matches a third key located on a server,the third key being a secret key: encrypting a message using a fourthkey, the fourth key being a public key, and sending the encryptedmessage to the first device via the first communication method;communicating with the first device via a fourth communication method.2. The method of claim 1, wherein transmitting the first and secondsensory patterns further comprises transmitting, via an opticaltransmitter, a light pattern to the first device, the first device beinglocated in a container configured to contain the first device.
 3. Themethod of claim 1, wherein the first pattern comprises a patternrepresenting the ciphering scheme used to encode the first key.
 4. Themethod of claim 1, further comprising acquiring the ciphering schemefrom at least one of a remote server or a local storage.
 5. The methodof claim 1, further comprising acquiring, from the pairingconfiguration, at least one of the first communication method, thesecond communication method, or the ciphering scheme.
 6. The method ofclaim 1, further comprising: receiving, from a server, a request tochange the second communication method to the third communicationmethod.
 7. The method of claim 1, further comprising: receiving anotification from a server to terminate communication with the firstdevice; and deleting the first key from a local storage.
 8. The methodof claim 1, further comprising: determining a proximity to the firstdevice; and transmitting the first pattern when the proximity is withina predetermined range.
 9. The method of claim 1, further comprising:receiving a notification associated with the first pattern; andtransmitting the first pattern in response to receiving thenotification.
 10. The method of claim 1, further comprising: receiving afraud detection notification; and in response to receiving the frauddetecting notification: communicating with the first device via thefirst communication method using the second key.
 11. The method of claim1, wherein the first device comprises one of a smart phone, a smartcard, a wearable device, an unmanned aerial vehicle, or a medicaldevice.
 12. The method of claim 1, further comprising: encrypting amessage using the first key; and transmitting the encrypted message tothe first device via the first communication method.
 13. The method ofclaim 1, wherein the first communication method comprises radiofrequency communication.
 14. The method of claim 1, wherein the secondcommunication method comprises communicating at least one of a lightpattern, a sound pattern, a thermal energy pattern, or a vibrationpattern.
 15. The method of claim 1, wherein the first key has apredetermined time of validity.
 16. The method of claim 15, furthercomprising: in response to determining that the predetermined time ofvalidity has lapsed: communicating with the first device via the firstcommunication method using the second key.
 17. A non-transitorycomputer-readable storage medium encoded with instructions which, whenexecuted by one or more processors, perform operations comprising:communicating with a first device via a first communication method overa wireless communication network; transmitting, to the first device viaa second communication method, a first sensory pattern representing afirst key, wherein: the first key is a security key; the secondcommunication method is different from the first communication method;and the first key is encoded using a ciphering scheme; determining thata pairing configuration has changed; transmitting, to the first devicevia a third communication method, a second sensory pattern representinga second key, the third communication method being specified by theconfiguration, wherein the second key is encoded based on a cipheringscheme specified by the pairing configuration; and in response todetermining that the first key matches a third key located on a server,the third key being a secret key: encrypting a message using a fourthkey, the fourth key being a public key, and sending the encryptedmessage to the first device via the first communication method;communicating with the first device via a fourth communication method.18. The non-transitory computer-readable storage medium of claim 17,wherein the operations further comprise: determining a proximity to thefirst device; and transmitting the first pattern when the proximity iswithin a predetermined range.